Security vendor Qualys is now throwing its hat into the commercial WAF ring with a new WAF service in the cloud. The goal of the QualysGuard WAF is to enable more organizations to leverage WAF technology to protect their applications.

"We've noticed that traditional WAFs are usually hardware appliances and usually difficult to use," Ivan Ristic, director of Engineering at Qualys told InternetNews.com. "The problem is that even for companies that can afford WAF tools, they're only using them for their most precious assets."

According to Ristic, that all means there is a long tail of websites that aren't being protected by a WAF. The Qualys WAF only requires that a network is in control of its domainname in order to begin the process of setting up the protection. Administrators simply need to make a DNS change to redirect traffic to go through the Qualys' global network of proxy servers.

"We see all the traffic and we're able to screen it," Ristic said. "Once we're sure that it's not malicious we pass it to the actual real site."

The same process works in reverse to check all outgoing traffic from an enterprise for any potential unauthorized information leakage.